You may not know much about Neustar, but chances are good you interact with the company several times a day. Among other things, they run the Domain Name System for a large part of the world, and they manage several top level domains including .US and .NYC. When you switch carriers without losing your phone number, the switch happens in the local number portability database, managed by Neustar. Slicing and dicing the terabytes of data that flow through Neustar's servers gives them insights not available to all. At the RSA Conference, Neustar SVP and Senior Technologist Rodney Joffe shared some of his views on coming events in security with me.

Lock 'Em Up! "It seems pretty clear that we are not going to win the battle of preventing cyber-attacks," said Joffe. "The best we can do is to mitigate the damage. And the most effective mechanism to do that is through aggressive international cooperation, putting people behind bars."

He noted a recent success—the arrest of Alexander Panin, also known as Gribodemon, author of the SpyEye Trojan. "He went for a vacation in Thailand," said Joffe, "and the U.S. has good cooperation there. When he arrived, they arrested him and extradited him."

One arrest is just the start, though. "There's a lot more in the malware lifecycle," said Joffe. "What's going to happen, they ask a lot of questions and roundup cronies. You'll see other arrests." He noted that the state department is doing a better job of convincing foreign governments to cooperate in such cases.

Sharing Is Good Another positive trend Joffe sees on the rise is sharing of security information between the public and private sectors. "We believe that if people lose faith in the Internet, that will affect our business in the long term," he said. "We help people believe in the value and security of the Internet."

It's worth noting that when the FBI shut down the DNSChanger servers, Neustar provided the hardware to keep victims from immediately losing their Internet connection. "The government won't spend the money, so we just did it," said Joffe.

Look! Over There! Joffe is sure that Distributed Denial of Service (DDoS) attacks will continue to grow in size and complexity, but with a different purpose. "Criminals will use DDoS attacks not for extortion but to cover up thefts of financial and intellectual property," he said. "The security teams will focus on the DDoS and miss small tactical breaches."

What can companies do to avoid falling victim? Joffe expects significant growth in outsourced security. Rather than every small business trying to defend against such attacks, they'll contract with experts, perhaps the experts at Neustar.

Thanks, Target Getting back to the idea of putting cyber-criminals in jail, Joffe noted that it can be really difficult to get U.S. Attorneys to pursue cyber-crime. "If someone robs the local bank of a thousand dollars, the place is flooded with police," he said. "If someone robs an online bank of millions, you can't get a U.S. Attorney to take the case."

Judges are also a problem. "Six or seven years ago," said Joffe, "judges were so uninformed, they didn't understand anything about cybercrime. But now that those judges and attorneys have been personally affected by breaches at Target, Neiman Marcus, now they understand."

"Law enforcement is getting more help from prosecutors and judges now that they've been affected," said Joffe, "but we still need more support to investigate cyber things. The FBI has just a handful of cyber agents; that has to change."

"The main thing is to put cyber crooks in jail," he concluded. "These are kids, not hardened criminals. They have a big attitude online, but it's not real. Put them in jail, it will make an impression."

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted b... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.